Vulnerabilities > Opensuse

DATE CVE VULNERABILITY TITLE RISK
2018-08-10 CVE-2018-6556 Channel and Path Errors vulnerability in multiple products
lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. 		3.3
3.3
2018-08-01 CVE-2018-12467 Incorrect Permission Assignment for Critical Resource vulnerability in Opensuse Open Build Service
Authorized users of the openbuildservice before 2.9.4 could delete packages by using a malicious request against projects having the OBS:InitializeDevelPackage attribute, a similar issue to CVE-2018-7689.
network
low complexity
opensuse CWE-732
6.5
6.5
2018-08-01 CVE-2018-12466 Incorrect Permission Assignment for Critical Resource vulnerability in Opensuse Open Build Service
openSUSE openbuildservice before 9.2.4 allowed authenticated users to delete packages on specific projects with project links.
network
low complexity
opensuse CWE-732
6.5
6.5
2018-08-01 CVE-2018-10916 Improper Input Validation vulnerability in multiple products
It has been discovered that lftp up to and including version 4.8.3 does not properly sanitize remote file names, leading to a loss of integrity on the local system when reverse mirroring is used.
network
low complexity
lftp-project canonical opensuse CWE-20
6.5
6.5
2018-07-30 CVE-2016-9597 It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow.
network
low complexity
canonical xmlsoft debian hp opensuse
7.5
7.5
2018-07-23 CVE-2018-14523 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in aubio 0.4.6.
network
low complexity
aubio opensuse suse CWE-125
8.8
8.8
2018-07-23 CVE-2018-14522 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
An issue was discovered in aubio 0.4.6.
network
low complexity
aubio opensuse suse CWE-119
8.8
8.8
2018-07-10 CVE-2018-1129 Improper Authentication vulnerability in multiple products
A flaw was found in the way signature calculation was handled by cephx authentication protocol.
low complexity
redhat ceph debian opensuse CWE-287
6.5
6.5
2018-07-10 CVE-2018-1128 Improper Authentication vulnerability in multiple products
It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack.
high complexity
redhat debian opensuse CWE-287
7.5
7.5
2018-07-10 CVE-2018-10861 Improper Authentication vulnerability in multiple products
A flaw was found in the way ceph mon handles user requests.
network
low complexity
ceph redhat opensuse debian CWE-287
8.1
8.1